Re: [PATCH 0/3] Updates to the safe.directory config option

From: Junio C Hamano <gitster@pobox.com>
To: "Derrick Stolee via GitGitGadget" <gitgitgadget@gmail.com>
Cc: git@vger.kernel.org, me@ttaylorr.com, johannes.schindelin@gmx.de,
	Derrick Stolee <derrickstolee@github.com>
Subject: Re: [PATCH 0/3] Updates to the safe.directory config option
Date: Wed, 13 Apr 2022 09:15:51 -0700	[thread overview]
Message-ID: <xmqq35iharig.fsf@gitster.g> (raw)
In-Reply-To: <pull.1215.git.1649863951.gitgitgadget@gmail.com> (Derrick Stolee via GitGitGadget's message of "Wed, 13 Apr 2022 15:32:28 +0000")

"Derrick Stolee via GitGitGadget" <gitgitgadget@gmail.com> writes:

> Here is a very fast response to the security release yesterday.

Wow.  While I were down the whole day yesterday after sending the
release announcement, it seems a lot have happened X-<.  Does your
"a very fast" expect only "wow, thanks for a fast reponse", or does
it also expect "ok, we'll take a deep look with a spoonful of salt
as it was prepared in haste"?

> The second patch here is an adaptation from a contributor who created a pull
> request against git/git [1]. I augmented the patch with a test (the test
> infrastructure is added in patch 1).
>
> The third patch is a change to the safe.directory config option to include a
> possible "*" value to completely opt-out of the check. This will be
> particularly helpful for cases where users run Git commands within a
> container. This container workflow always runs as a different user than the
> host, but also the container does not have access to the host's system or
> global config files. It's also helpful for users who don't want to set the
> config for a large number of shared repositories [2].

Let me take a look how well these integrate into the maintenance
tracks.

I would appreciate something that is targetted and narrow that can
be applied to the oldest maintenance track (2.30.3) and then merged
upwards, plus niceties on top that does not necessarily have to
apply to the oldest ones if the surrounding code or tests were
changed more recently.

Thanks.

> Thanks, -Stolee
>
> [1] https://github.com/git/git/pull/1235 [2]
> https://github.com/git-for-windows/git/issues/3787 [3]
> https://github.com/desktop/desktop/issues/14336
>
> Derrick Stolee (2):
>   t0033: add tests for safe.directory
>   setup: opt-out of check with safe.directory=*
>
> Matheus Valadares (1):
>   setup: fix safe.directory key not being checked
>
>  Documentation/config/safe.txt |  7 +++++
>  setup.c                       | 12 ++++++---
>  t/t0033-safe-directory.sh     | 49 +++++++++++++++++++++++++++++++++++
>  3 files changed, 65 insertions(+), 3 deletions(-)
>  create mode 100755 t/t0033-safe-directory.sh
>
>
> base-commit: 11cfe552610386954886543f5de87dcc49ad5735
> Published-As: https://github.com/gitgitgadget/git/releases/tag/pr-1215%2Fderrickstolee%2Fsafe-directories-star-v1
> Fetch-It-Via: git fetch https://github.com/gitgitgadget/git pr-1215/derrickstolee/safe-directories-star-v1
> Pull-Request: https://github.com/gitgitgadget/git/pull/1215